Setup Static IP's Router behind RG 5031NV

Contributor

Setup Static IP's Router behind RG 5031NV

I am trying to move from TWC to AT&T and need to have static IP's. I have a block of 5 usable and have been working with AT&T Level 2 support to try and get them working. They cannot figure this out. I would prefer to setup bridge mode in the device and let my firewall do all the routing and protection. This is my current setup. I have tried a few different things since the AT&T Level 2 guys can't figure it out. I've read that this model does not do bridging well, if at all. I've tried the DMZ route and that assigned a completely different public IP to my device than what I was given. How do I configure this device to work the way I need it to? If I can't get this to work, I'm going to seriously cancel the service. I'm on day 5 of trying to get this working. 

 

Any help is greatly appreciated. 

 

 

Message 1 of 18 (19,869 Views)
Highlighted
Expert

Re: Setup Static IP's Router behind RG 5031NV

[ Edited ]

Yes, I agree that this Cascaded router setup is highly confusing:

1. Having public IP addresses on one side of a router, the Internet on the other side of the gateway, and an intervening RFC-1918 private IP network in between is counterintuitive. One would think that publically-addressed Internet packets could not (and should not) traverse a private network.  However, this is actually a legal configuration given that the 2Wire router is prepared to route traffic over the private network.

2. Since you actually have another RFC-1918 private network behind your own router, the public IP addresses are actually completely virtual in that none of them are actually assigned to a physical LAN port on any device.

The cool part you have been able to do with this configuration is:

A) Be able to use your own router and static IP addresses behind it, which was never possible before the cascaded router option showed up in the last firmware update.

B) Cascaded router setup on the 2Wire + your 1:1 NAT configuration on your router essentially sidesteps the 2Wire routers' enforcement of 1:1 mappings between IP addresses and MAC addresses (i.e. no multihoming). You can now have all 5 of the public IP addresses usable within the same piece of hardware (the Zyxel router).

 

 

Message 16 of 18 (18,195 Views)
Contributor

Re: Setup Static IP's Router behind RG 5031NV

I have a question about the solution to this problem.  If you configure the WAN of your firewall with a private IP from the 5031 pool then I would think that the firewall  itself would use the dynamic public IP from the 5031 WAN side.  So devices _behind_ the firewall would have static public IPs but the firewall itself would be using a NATed and dynamic IP.  This would be a problem for me because I am currently running a VPN from the firewall and I need that the WAN side of the firewall also be static.

 

So it seems like you can have one static for your firewall _or_  5 statics for devices behind the firewall but you can't have statics for both?

 

Thanks,

Diego

Message 17 of 18 (9,668 Views)
Contributor

Re: Setup Static IP's Router behind RG 5031NV

I'm in the same boat as you Diego... is it possible to use 1 of the 5 for the firewall and still have he remaining 4 available for devices behind it? I'm using a Sophos sg appliance behind the att gateway and I want the Sophos to run my VPN as well as do all NAT from public WAN to internal LAN Is it possible or am I stuck with only mapping a LAN IP to the WAN port of the Sophos using the cascaded router option ?
Message 18 of 18 (647 Views)
Share this topic
Announcements

Welcome to the AT&T Community Forums!!! Stop by the Community How-To section for tips on how to get started.